Microsoft Security Essentials Alert Malware

Microsoft warns of a fake Microsoft Security Essentials Alert that pretends to be a security tool from the software giant. In fact, it is a fake program that tries to scam computer owners and profit from this fraudulent activity. The Microsoft Security Essentials Alert malware presents itself through an alert message reporting various threat details. It offers to fix the computer and remove the threat through a “Scan Online” button. Clicking it loads a new window that displays a number of available programs. Many legitimate programs appear among the choices, but they are mixed with rogue ones. Notably, only the fake programs are executable, including Red Cross, Peak Protection, Pert Detector, Major Defense Kit and AntiSpy Safeguard.

Microsoft Security Essentials Alert Programs

Any indication of the presence of Microsoft Security Essentials Alert Malware on the computer should be given special attention and cleaned right away with a real anti-virus program. Try restoring the computer to a previous restore point created by Windows System Restore. This might give you a clean and fresh working environment. It is best to have an anti-malware program installed that provides real-time scanning to block malicious Internet activities that can drop rogue programs like Microsoft Security Essentials Alert Malware.

Type: Rogue
Sub-Type: FakeAV
Aliases:
OS Affected: Windows
Detected By: MalwareBytes

What are the Symptoms of “Microsoft Security Essentials Alert” Malware Infection?

Image of Fake Microsoft Security Essentials Alert

It modifies the Windows Registry and adds the following entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon “Shell” = “%UserProfile%\Application Data\antispy.exe”
HKEY_CURRENT_USER\Software\PAV
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnonBadCertRecving” = “0”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnPostRedirect” = “0”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “tmp”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce “SelfdelNT”

The threat will drop the following malicious files:
%UserProfile%\Application Data\PAV\
%UserProfile%\Application Data\antispy.exe
%UserProfile%\Application Data\defender.exe
%UserProfile%\Application Data\tmp.exe
%UserProfile%\Local Settings\Temp\[random]

How to Remove “Microsoft Security Essentials Alert” Manually

1. Restart your computer in Safe Mode
- After powering on the computer, just before Windows starts, press F8
- From the selections, select Safe Mode

2. Remove Registry entries that the threat added. You MUST BACKUP YOUR REGISTRY FIRST.
- Click Start > Run
- Type regedit in the field
- Navigate to the registry entries mentioned above and delete them if necessary

3. Delete malicious files that the threat added:
- Based on the locations given above, browse to each file and delete it
- If no location is given, click Start > Search and search for the files.
- If a file cannot be deleted, press Ctrl+Alt+Del to open Task Manager and see whether the file is running as a process. If it is, select it and click End Process, then try deleting the file again.

4. Scan the computer with an antivirus program
- Update the antivirus program
- Scan computer and delete all detected threats.
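
The following PowerShell script is an added example, not part of the original article. It performs a read-only check for the registry entries and dropped files listed above, so it can be run before manual removal and again afterwards to confirm nothing is left. It assumes %APPDATA% resolves to the "Application Data" folder named on this page, and because readers report differently named executables, it also lists every .exe sitting directly in that folder with its timestamps.

```powershell
# Added example: read-only check for the indicators listed on this page.
# Run as the affected user, because every registry indicator is under HKCU.
$findings = New-Object 'System.Collections.Generic.List[string]'
$ie = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Values named on the page. OnlyIf limits a hit to the data the page reports.
$regChecks = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'tmp' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'; Name = 'SelfdelNT' },
    @{ Key = $ie; Name = 'WarnonBadCertRecving'; OnlyIf = '0' },
    @{ Key = $ie; Name = 'WarnOnPostRedirect'; OnlyIf = '0' }
)
foreach ($c in $regChecks) {
    $item = Get-ItemProperty -Path $c.Key -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }            # key or value not present
    $data = [string]$item.($c.Name)
    if ($c.ContainsKey('OnlyIf') -and $data -ne $c.OnlyIf) { continue }
    $findings.Add("REG  $($c.Key) [$($c.Name)] = $data")
}
if (Test-Path -Path 'HKCU:\Software\PAV') {
    $findings.Add('REG  HKCU:\Software\PAV (key exists)')
}

# Dropped files named on the page (assumption: APPDATA = "Application Data").
$appData = $env:APPDATA
$known = 'PAV', 'antispy.exe', 'defender.exe', 'tmp.exe'
foreach ($name in $known) {
    $p = Join-Path $appData $name
    if (Test-Path -LiteralPath $p) { $findings.Add("FILE $p") }
}

# Other executables in the same folder, for manual review: creation and
# last-access times help tie a file to the moment the symptoms started.
Get-ChildItem -LiteralPath $appData -Filter *.exe -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $known -notcontains $_.Name } |
    ForEach-Object {
        $findings.Add("EXE  $($_.FullName) created=$($_.CreationTime) accessed=$($_.LastAccessTime)")
    }

if ($findings.Count -eq 0) {
    'No indicators from the list were found for this user.'
} else {
    $findings
}
```

The two Internet Settings values can also be turned off through Internet Explorer's own options, so treat them as supporting evidence rather than proof of infection.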

How to Easily Remove “Microsoft Security Essentials Alert”

1. Download and run Removal Tool to remove this computer threat.

3 thoughts on “Microsoft Security Essentials Alert Malware”

  • Doug says:

    Had to remove this from my dad's Win XP run laptop. Malwarebytes removed all the files but one. This file ended up being found at %UserProfile%\Application Data\hotfix.exe. Was able to figure out this file was the culprit due to the fact the creation date was the exact same as when the laptop first showed the problems and that the last accessed date and time were from when I last booted Windows normally. Since deleting the hotfix.exe while in safe mode the problem is fixed. Malwarebytes, Spyware Doctor and Spybot Search and Destroy are all coming up clean where before they were flagging various other malware such as virtumonde.

    Hope that what I found helps others who are having problems removing this malware program.

  • Saul says:

    Had this same type of virus on my laptop yesterday and had a little trouble removing it. The virus I had did not want to let anything open like Internet Explorer and other various software I had installed on my computer. I checked the virus with every possible virus removal software I had and did not show anything on it. I did a system restore to the laptop and did not want to restore successfully. So then I restarted the laptop and restored it in safe mode to an earlier time and it worked fine.

  • Michael says:

    My executable was called wdvvmb.exe. The procedures above worked, but the files were a little different. Thanks.
